Total
730 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0930 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2016-0049 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass." | |||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2025-04-12 | 10.0 HIGH | 9.1 CRITICAL |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | |||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||
| CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
| CVE-2015-3001 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 5.0 MEDIUM | N/A |
| SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | |||||
| CVE-2014-9736 | 1 Gehealthcare | 1 Centricity Clinical Archive Audit Trail Repository | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | |||||
| CVE-2014-9248 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. | |||||
| CVE-2014-2014 | 1 Imapsync Project | 1 Imapsync | 2025-04-12 | 4.3 MEDIUM | N/A |
| imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2014-2752 | 1 Sap | 1 Business Object Processing Framework For Abap | 2025-04-12 | 7.5 HIGH | N/A |
| SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-6336 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | |||||
| CVE-2016-4325 | 1 Lantronix | 1 Xprintserver Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. | |||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | |||||
| CVE-2014-4366 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2014-5422 | 1 Carefusion | 1 Pyxis Supplystation | 2025-04-12 | 9.7 HIGH | N/A |
| CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2004-2777 | 1 Gehealthcare | 1 Centricity Image Vault Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2014-4811 | 1 Ibm | 5 San Volume Controller Software, Storwize V3500, Storwize V3700 and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address. | |||||
| CVE-2014-4864 | 1 Netgear | 1 Prosafe Firmware | 2025-04-12 | 3.3 LOW | N/A |
| The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. | |||||
| CVE-2014-6099 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | |||||